IAM, XSS and over 1000 new dynamic rules.

Recent updates significantly enhance dynamic analysis with new programming language support and vulnerable-pattern detection, refine IAM management with new roles, improve the granularity of attack surface access, advance XSS detection and vulnerable dependency identification, and include crucial bug fixes across the system.

Mon 12 February 2024

🛠️ Enhanced Dynamic Analysis

Over the past month, significant advancements have been made in dynamic analysis. We've expanded our capabilities to include instrumentation support for Java, Kotlin, Swift, and Dart 🚀. We've also enhanced our detection mechanisms, identifying over 1,365 new vulnerable patterns in Swift and 846 in Dart.


🗝️ Refined IAM Management

We've fine-tuned IAM management by introducing two new roles: Reader, offering read-only access, and Attack Surface Auditor, designated for conducting thorough audits of the attack surface. This update ensures more tailored and secure access management.


🔍 More Detailed Attack Surface Insights

The Attack Surface feature now provides more detailed access control, tailored per Owner. This update enhances both the precision of discovered asset recommendations and the specificity of access rights, ensuring a more secure and efficient management of assets.


🛡️ Enhanced XSS Detection Capabilities

Our XSS Detection capabilities have undergone a significant overhaul, leading to better detection rates and broader coverage. We've added several new payloads and re-engineered our approach to authenticated testing, greatly enhancing the robustness of authentication during tests.

📦 Advanced Vulnerable Dependency Detection

We've improved the correlation between application fingerprints and known-vulnerability searches. This enhancement has led to the detection of over 150% more new packages across various frameworks and languages, significantly boosting our ability to identify and mitigate vulnerabilities.

🐞 Bug Fixes

  • Resolved an issue causing errors in the detection of source map code leaks.
  • Fixed an error encountered when evaluating IP reputation.
  • Addressed a bug that prevented the crawler from collecting request and response headers.
  • Improved handling of large arguments collected during dynamic analysis.
  • Corrected an issue with XSS tab timeouts, ensuring no findings are missed.
  • Updated and clarified descriptions in our knowledge base entries.
  • Fixed CSV validation errors during asset imports.
  • Enhanced the computation of vulnerability DNA in the XSS Agent for more accurate detection.
